isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,579 Commits 1 Branch 0 Tags
c7157ce0b13b032e73e4ea70e95f45bba4afd813
Commit Graph

284 Commits

Author SHA1 Message Date
Todd C. Miller
c7157ce0b1 Move a few fields from sudoers_user_contect to sudoers_context. 
They are not really specific to the user or user-specified.
 2023-08-21 15:30:12 -06:00
Todd C. Miller
8161205447 MODE_KILL is never set in the sudoers plugin, remove it. 2023-08-21 12:52:21 -06:00
Todd C. Miller
ff5914d7f7 Move sudoedit_nfiles into struct sudoers_context. 2023-08-21 10:47:25 -06:00
Todd C. Miller
3473bf9360 Move sudo_mode into struct sudoers_context. 2023-08-21 10:47:23 -06:00
Todd C. Miller
837da1bef0 Move NewArgv, NewArgc and saved_argv into struct sudoers_context. 2023-08-21 09:22:24 -06:00
Todd C. Miller
87571dab0a Add struct sudoers_conf to struct sudoers_plugin_context. 
There's now no need to pass this directly to init_parser() since we
already pass in a pointer to a sudoers_context struct.
 2023-08-21 09:21:54 -06:00
Todd C. Miller
9e53d903ea Store policy paths in struct sudoers_context. 
This removes the need for the getters in policy.c.
 2023-08-21 09:21:53 -06:00
Todd C. Miller
bbaf293912 Add sudoers_ctx_free() and use it for freeing struct sudoers context. 
This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().
 2023-08-21 09:21:52 -06:00
Todd C. Miller
2440174954 Make struct sudoers_context private to sudoers.c. 
We now pass a pointer to the context where necessary.  There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions.  If the plugin
API was able to pass around a closure pointer this would not be
necessary.
 2023-08-21 09:21:49 -06:00
Todd C. Miller
2d2529a15e Add a sudoers_context struct that embeds the user and runas structs. 2023-08-20 16:27:08 -06:00
Todd C. Miller
20baa39007 Move max_groups out of sudoers_user_context and into pwutil.c. 
It is only used by the local password pwutil implementation.
 2023-08-14 16:29:15 -06:00
Todd C. Miller
737354390c Pass in directory to check_user_runchroot() and check_user_runcwd(). 
This way we do not rely on the runas_ctx global.
 2023-08-14 13:25:13 -06:00
Todd C. Miller
08afb5183f Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct sudoers_runas_context. 2023-08-14 09:01:39 -06:00
Todd C. Miller
392f0d61cb Make path_plugin_dir private to policy.c and add getter. 2023-08-13 17:05:00 -06:00
Todd C. Miller
217b7b46f3 Move list_pw global into struct runas_context. 2023-08-13 09:34:57 -06:00
Todd C. Miller
a321e6cedf Add struct sudoers_runas_context and move runas-specific bits into it. 2023-08-12 14:20:30 -06:00
Todd C. Miller
d8b28dad97 Expand the user_* (and more) macros to user_ctx.foo. 2023-08-12 10:39:59 -06:00
Todd C. Miller
30c49288f7 Make sudoers_user_ctx_free() private to sudoers.c 2023-08-12 10:39:48 -06:00
Todd C. Miller
bd8cccb5dd Rename struct sudo_user -> struct sudo_user_context. 
Also rename the sudo_user global to user_ctx.
 2023-08-12 10:39:47 -06:00
Todd C. Miller
603148e7f2 Move sudoers parser callbacks to callbacks.c. 2023-08-10 15:49:30 -06:00
Todd C. Miller
e178b85821 Store the source of the matching rule and store in the event log. 
The JSON logs will store the matching rule source.
 2023-08-08 09:57:09 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Todd C. Miller
01ad570e24 Move check_user_* functions to check_util.c so testsudoers can use them. 2023-06-30 10:43:18 -06:00
Todd C. Miller
f352ef5d67 Move parser prototypes / externs from sudoers.h to parse.h or toke.h. 2023-05-09 14:01:41 -06:00
Todd C. Miller
8cbd5462a6 Move sudoers search path to struct sudoers_parser_config. 
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
 2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
c0fa3a4d24 Rename force_umask to override_umask and make it private to sudoers.c. 
Add getter for policy.c.
 2023-05-04 13:46:20 -06:00
Todd C. Miller
72489d7a83 Make timestamp_uid and timestamp_gid private to timestamp.c. 
Add getter (for set_perms.c) and setter (for sudoers.c).
 2023-05-04 13:08:23 -06:00
Todd C. Miller
d5de5890f5 Make login_style private to bsdauth.c 
Add a setter for policy.c to handle auth_type from the front-end.
 2023-05-04 13:06:09 -06:00
Todd C. Miller
80768ed3a8 Make path_ldap_conf and path_ldap_secret private to policy.c. 
Add getters for both so the ldap code can access them.
 2023-05-02 10:47:53 -06:00
Todd C. Miller
f553ddc430 Make sudoers_file private to policy.c and visudo.c. 
We just need a way for the policy (and visudo) to override the
default sudoers path.  This adds a getter to be used in file.c when
sudoers is first opened.
 2023-05-02 10:47:47 -06:00
Todd C. Miller
5446b009e3 Support adminconfdir for relative include paths in sudoers. 2023-05-02 10:47:11 -06:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files. 
The first file found is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
d7b8f3ffbf Split up the monolithic sudoers_policy_main() function. 
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lokup checks out
into sudoers_check_common().  The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()).  The list_user
lookup is now performed in sudoers_list().
 2023-04-05 13:35:09 -06:00
Todd C. Miller
28ecbe4d51 Warn about ignored files in sudoers.d in visudo. 2023-03-20 18:29:33 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
0ef5373678 Add canon_path(), a realpath() wrapper that performs caching. 
This also adds a new user_cmnd_dir variable that stores the
canonicalized parent directory of the command to be run.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
13a311bc71 Add pivot_root() and unpivot_root() to switch the root dir and restore it. 
This will be used to more accurately handling command resolution and
path matching when a new root directory is specified.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit. 
The sudo front-end can use this to determine where the list of files
to edit begins.
 2023-01-18 13:38:15 -07:00
Todd C. Miller
a514a6eed5 Add "list" pseudo-command to allow a user to list another user's 
privs.  Previously, only root or a user with the ability to run any
command as either root or the target user on the current host could
use the -U option.  For "sudo -l [-U otheruser] command", NewArgv[0]
is now set to "list" (just like "sudo -l") and the actual command
to be checked starts with NewArgv[1].
 2022-12-11 13:46:00 -07:00
Todd C. Miller
57b5ff8e8c Avoid a -Wshadow warning on Solaris 9. 2022-10-07 11:00:17 -06:00
Todd C. Miller
ce387a6849 Split log_{input,output} into log_{stdin,ttyin} and log_{ttyout,stdout,stderr} 
If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,stderr,ttyout} will be set as well.
This provides more fine-grained control over I/O logging and makes it
possible to disable logging piped or redirected intput or output.
 2022-09-20 14:35:12 -06:00
Todd C. Miller
4989856321 Use tcpgid if passed from sudo front-end and use it in tty_present(). 
This can be used as another indicator that a terminal is present
without having to open /dev/tty.
 2022-09-15 16:34:49 -06:00
Todd C. Miller
556dacf1ff Add a way to run a command without updating the cached credentials. 
This can also be used to test for whether or not the user's
credentials are currently cached.
 2022-08-02 14:28:28 -06:00
Todd C. Miller
885abf48d7 Save the initial command run via sudo and use it when logging exit status. 
Otherwise, if we are in intercept mode or logging sub-commands the
exit status will be logged with the wrong command.
 2022-06-30 11:10:43 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
d04810c4f2 Save a pointer to the event_alloc parameter in the plugin open function. 
That way we don't need to pass event_alloc around to the log client
functions.
 2022-06-09 13:05:21 -06:00
Todd C. Miller
f16754a1dd Merge branch 'main' into apparmor_support 2022-05-27 08:25:12 -06:00
Todd C. Miller
6ced49a34d Reset intercept_allow_setid if intercept_type changes from trace to dso. 
But only reset intercept_allow_setid if the user didn't explicitly set it.
 2022-05-25 10:09:08 -06:00